Foreword xiii

Preface xix

Acknowledgments xxiii

Chapter 1: What Is GRC, and Why Does It Matter? 1

What Is GRC? 2

Why GRC Matters 3

Chapter 2: Culture, the Critical Driver 5

What Is Culture? 5

More Cultural Failures 6

Companies That Got It Right 8

Being Legal, Honest, Candid, and . . . 10

Integrity versus Spin 13

Speaking the Same Language 16

Chapter 3: Cost–Effective Compliance Programs 21

The Back–Breaking Costs 22

Beyond the Direct Costs 24

Major Mistakes at Platinum–Branded Companies 24

How Companies Got Where They Are 30

Keys to Getting It Right 31

The Compliance Office 36

Making It Happen 38

The Rewards 39

Chapter 4: Ethics Programs: Another Foundational Block 41

Tone at the Top 42

Problems at Daimler 42

Elements of an Ethics Program 43

Setting the Tone at the Top: Hewlett–Packard 51

Chapter 5: Risk Management and the Financial System’s Near Meltdown 59

What Went So Terribly Wrong 59

The Regulatory System 63

Merrill Lynch 65

Where Were the Boards? 68

Did CEOs See It Coming? 70

Chapter 6: What Is Risk Management About? 75

Risk 76

Risk Management 79

Enterprise Risk Management 80

Is It Really Worth the Effort? 85

ERM Application Techniques 88

Key Risk Indicators 91

BP 92

Chapter 7: Implementing ERM 99

Drivers for ERM 99

Pitfalls 102

Effective Implementation 106

Roles and Responsibilities 114

Chapter 8: Does Internal Control Really Matter? 119

Impact of SOX 404 on Financial Reporting 122

Responsibility for SOX 404 124

Other Relevant SOX Provisions 126

Do Effective Financial Reporting Controls Really Prevent Fraudulent Financial Reporting? 127

Real Life in the C–Suite 130

Chapter 9: Control over Operational Performance 133

IT Controls 134

Société Générale 135

Washington Mutual 139

Countrywide Financial Corporation 143

The Foreclosure Fiasco 144

Chapter 10: Boards of Directors’ Focus 153

A Focus on the Rules 155

Truly Effective Boards 156

A Public Watchdog? 158

Societal Responsibility 160

Potential Pitfalls 163

Chapter 11: Overseeing Strategy and Risk Management 169

Strategy 169

Risk Management 173

Chapter 12: CEO Compensation, Succession Planning, and Crisis Management 185

CEO Compensation 185

Succession Planning 192

Crisis Management 196

Chapter 13: Performance Measurement and Reporting 201

Performance Measures 201

Financial Reporting 205

Chapter 14: Building an Effective Board 219

Looking Objectively 220

A Shift in Direction 221

Building a Better Board 223

Board Assessments 226

Bottom Line 230

Chapter 15: Avoiding Board Pitfalls 231

Following the Herd 231

Obtaining Critical Information 238

A Leaky HP Board 245

Another Leak—What Was He Thinking? 249

Chapter 16: Where the Power Lies 251

A Tug of War 252

Shareholder Activism 252

Recent Achievements 253

Dodd–Frank’s Proxy Access 256

Where to Draw the Line 261

Finding the Right Balance 262

Where We Need to Evolve 264

Chapter 17: Structural Issues at the Board 265

Combined versus Separate Chairman and CEO 265

Empowering CEOs in a Shifting Landscape 271

Director Compensation 274

Chapter 18: Looking to the Future 281

New Models for Board Governance 281

A Healthy Governance Environment 285

Boards’ Perspectives on Risk 289

Grasping the Holy Grail of Governance 290

What the Future Holds 293

About the Author 299

Index 301

RICHARD M. STEINBERG is founder and CEO of Steinberg Governance Advisors, Inc. He is a nationally recognized expert on governance, risk, and control, and advises boards of directors of major multinational, large, and middle–market companies. He is a former senior partner of PricewaterhouseCoopers (PwC) and the leader of its corporate governance advisory practice. As an expert in internal control and risk management, Steinberg served as the lead project partner in developing the Committee of Sponsoring Organizations of the Treadway Commission′s (COSO′s) Internal Control—Integrated Framework, and led development of COSO′s Enterprise Risk Management—Integrated Framework, the landmark reports recognized as standards for effective internal control and risk management. He has been featured on CNBC′s Morning Call and Bloomberg TV′s Bloomberg on the Markets and The Bloomberg Report; has guest–lectured at leading business schools including Columbia, MIT, and NYU; has been quoted in publications such as BusinessWeek, Fortune, the Wall Street Journal, Dow Jones MarketWatch, CNN Money, and the Financial Times; and is a monthly columnist for Compliance Week.

Praise for Governance, Risk Management, and Compliance

"Rick Steinberg is a time–tested expert in this ever more essential field. His refreshing candor in assessing recent shortfalls makes this book a must–read for corporate leaders." —Mark R. Fetting, Chairman and CEO, Legg Mason, Inc.

"This outstanding book provides a critically important perspective on how risk management can only be truly achieved by aligning culture, strategy, compliance programs, and compensation. It should be must reading for any board member concerned with improving the management of risk."—Jay Lorsch, Louis E. Kirstein Professor of Human Relations, Harvard Business School

"A comprehensive and insightful examination of corporate governance. A must–read for those of us who are CEOs and serve on public boards" —Randall L. Clark, Chairman and CEO, Dunn Tire LLC; former Chairman and CEO, Dunlop Tire North America

"Attention directors and officers: Ignore this book at your own peril. Richard Steinberg has crafted a careful, thoughtful approach to managing risks, and it should be required reading for Corporate America."—Scott S. Cohen, founder and former Editor and Publisher, Compliance Week

"Richard Steinberg′s comprehensive and clearly written work will substantially benefit both new and experienced directors. It will help corporate boards recognize the challenging forces businesses face, as well as the techniques and standards available to intelligently monitor and supervise firms and their senior management. An easy and engaging read, this book should be on the bookshelf of every corporate director."—William T. Allen, Director, NYU Pollack Center of Law & Business; former Chancellor, Court of Chancery of the State of Delaware

"Richard Steinberg, a respected and time–proven governance hand, has written a most enjoyable and thought–provoking work—an excellent addition to anyone′s governance shelf!" —Charles Elson, Edgar S. Woolard, Jr., Chair in Corporate Governance and Director of the Weinberg Center for Corporate Governance, University of Delaware